Gpg does apply strengthening (controlled by the --s2k-* options, defaulting to an 8-byte salt and 65536 rounds of its KDF; I don't know what the KDF is). I would hope that OpenPGP does something similar.
– Gilles, Jun 2 '12 at 22:52

@AndreyBotalov, I know, and that's one kind of threat that GPG's slow hash function is designed to mitigate / defend against. Those threats make it all the more important to use a slow hash function.
– D.W., Jun 4 '12 at 16:11

GnuPG's functions used for password hashing are MD5, SHA1, SHA2s, and RIPEMD-160 with a large number of rounds. They can be computed efficiently on a GPU.
– Andrey Botalov, Jun 4 '12 at 16:32

@AndreyBotalov, thanks, that's a good link and very helpful! I think what you are suggesting is that GPG would be even better off to use scrypt or bcrypt. Agreed. That's a good point. (On the other hand, keep in mind the last paragraph of the answer you link to: S2K is much better than a simple non-iterated hash, though I agree bcrypt or scrypt would be even better.)
– D.W., Jul 17 '12 at 9:30

OpenPGP implementations hash the password during the S2K process. They allow tweaking the algorithm and the number of iterations.

By default, GnuPG 1.4.12 uses SHA1 for hashing with 65536 rounds. The algorithm can be switched to MD5, RIPEMD160 or SHA2s. The number of iterations can be changed too. The current settings can be viewed by typing: gpg --list-packets ~/.gnupg/secring.gpg